What is WebhookLab for?
WebhookLab turns events into reliable, testable, traceable integrations by validating contracts, generating signed payloads, inspecting attempts, replaying safely, and exporting evidence across the PlatPhormNews tool network.
FAQ
WebhookLab Questions
Public-safe access, protected actions, signatures, redaction, and delivery evidence.
What works without credentials?
The public Lab shell, local-only simulation, transient signature generation and verification, pasted contract validation, docs, discovery files, health summaries, and read-only MCP introspection work without login.
When is PLATPHORM_API_KEY required?
Persistent endpoint registration, third-party sends, delivery replay, cancel, contract mutation, private delivery detail, report publishing, sync jobs, and protected MCP tools require Authorization bearer or X-PlatPhorm-API-Key using PLATPHORM_API_KEY.
Are signing secrets stored?
No. Public signature tools use transient secrets only, return redacted canonical-string evidence, and never persist raw signature secrets.
Does WebhookLab expose raw endpoint URLs or private payloads publicly?
No. Public summaries redact payloads, headers, secrets, endpoint URLs, IP metadata, and raw x-vercel-ja4-digest values.